Introduction


Most knowledge representation languages are based on classes and taxonomic
relationships between classes [Bobrow and Winograd, 1977], [Fahlman, 1979],
[Brachman, 1983], [Brachman et al., 1983]. Taxonomic hierarchies without
defaults or exceptions are semantically equivalent to a collection of formulas
in first order predicate calculus. Designers of knowledge representation
languages have argued that there are computational advantages to representing
facts as taxonomic relationships rather than first order formulas. However,
these arguments are usually non-technical, appealing to the reader's intuition
and common sense rather than technical analysis.

We define a taxonomic syntax for first order predicate calculus. In this
syntax terms are generalised to the notion of a class expression. Each class
expression denotes a subset of the first order domain and all atomic formulas
are simple statements about class expressions. We show that the
quantifier-free taxonomic literals, i.e. atomic formulas or their negations,¹
are more expressive than literals of classical first order logic. For example,
there exists a set of two quantifier-free taxonomic literals that is
satisfiable but is not satisfied by any finite first order structure — any
satisfiable set of literals in the classical predicate calculus with equality
can be satisfied by some finite structure. In spite of the increased
expressive power of taxonomic literals, we show that the satisfiability of any
set of quantifier-free taxonomic literals is polynomial time decidable.

The two basic observations about taxonomic syntax — that quantifier-free
taxonomic literals are more expressive than classical literals, and that the
satisfiability of a set of quantifier-free taxonomic literals is polynomial
time decidable — suggest that taxonomic syntax is more powerful, in some way,
than classical syntax. However, these observations do not provide any clear
way of taking advantage of taxonomic syntax in general theorem proving. To
show the value of taxonomic syntax in general theorem proving, we define
a "high-level" proof system based on a strengthened version of the decision
procedure for the decidability of a set of quantifier-free taxonomic literals.
The strengthened decision procedure provides a technical notion of an
"obvious" step in a mathematical proof; a high-level proof is a sequence of
steps where each step obviously follows from previous steps.

¹In taxonomic syntax it is possible for atomic formulas to contain
quantifiers; the decidability result only applies to sets of quantifier-free
taxonomic literals.

There is a continuum between theorem verification and theorem proving.
No modern theorem proving system can automatically find proofs of theorems
as hard as the prime factorization theorem in number theory. A man-machine
interactive system, however, can be used to verify such theorems
[Bledsoe, 1977], [Boyer and Moore, 1979], [Constable et al., 1985], [Ketonen,
1984], [McAllester, 1989]. Without powerful theorem proving mechanisms the
amount of user-provided detail required is so large that non-trivial
verifications are impractical. As the requirement for user-provided detail
decreases, a verification system can make a continuous transformation from
being a proof verifier to a proof finder. Thus the classification of systems
into verifiers and provers is somewhat arbitrary. A high-level proof system
combines the notion of a user-specified proof with the notion of a
sophisticated theorem-proving procedure that determines the correctness of
individual proof steps. The decision procedure for proof-step correctness
should always terminate quickly.


Many of the features of the high-level proof system introduced here, such
as focus objects and rules of obviousness, are independent of taxonomic
syntax. These features of high-level proof systems were introduced by
McAllester in the Ontic theorem verification system, [McAllester, 1989], and
found to be effective in a machine verification of a proof of the Stone
representation theorem for Boolean lattices from the axioms of
Zermelo-Fraenkel set theory. The high-level proof system introduced by
McAllester is not based on taxonomic syntax. In this paper we argue in favor
of taxonomic syntax by comparing the length of high-level proofs in a system
based on classical syntax with the length of proofs in an analogous system
based on taxonomic syntax. We show that any proof in classical syntax can be
translated into a proof of the same length in taxonomic syntax. Furthermore,
we conjecture that the converse is not true, i.e., we conjecture that there
exist proofs in taxonomic syntax such that all classical syntax proofs of the
same result are much longer.




2  Taxonomic  Syntax  for  First  Order  Logic 


Our taxonomic syntax for first order logic is organized around classes and
taxonomic formulas. Consider a model of first order logic. Each class
expression of taxonomic syntax denotes a subset of the domain, or universe of
discourse, of the first order model. The class expressions include ordinary
first order terms as a special case. Under the semantics of taxonomic
expressions, terms are class expressions that denote singleton sets. But there
are many class expressions that are not terms in the ordinary sense. For
example, a predicate symbol P of one argument is a class expression denoting
the set of all objects in the first order domain that satisfy the predicate P.
If s_1 ... s_k are class expressions, and f is a function symbol which takes
k arguments, then f(s_1 ... s_k) is also a class expression and denotes the
set of all elements which can be written as f(x_1 ... x_k) where x_i is an
element of the set denoted by s_i. Now consider a k-ary predicate symbol R,
i.e., a predicate of k arguments. A predicate of k arguments can be viewed as
a function which takes k - 1 arguments and returns a set. More specifically,
we can write R(x_1 ... x_{k-1}) to denote the set of all elements y such that
R(x_1 ... x_{k-1}, y) is true. If s_1 ... s_{k-1} are class expressions then
R(s_1 ... s_{k-1}) is also a class expression and denotes the union of all
sets of the form R(x_1 ... x_{k-1}) where x_i is an element of s_i. A class
expression completely constructed from variables, constants, and function
symbols will be called a term. Terms always denote singleton sets. In addition
to the class expressions discussed above, taxonomic syntax allows for classes
defined with formulas; one can construct a class expression that denotes the
set of all objects x that satisfy an arbitrary formula Φ(x). In order to
ensure that taxonomic syntax is expressively equivalent to classical first
order logic, a distinguished class expression, A-Thing, always denotes the
entire domain in any first order interpretation. For the sake of technical
simplicity, we only allow interpretations with non-empty semantic domains.
Thus the class A-Thing always denotes a non-empty set.

The formulas of taxonomic syntax include atomic statements about the
taxonomic relationships between class expressions. More specifically, we
write (IS s_1 s_2) to say that the class s_1 is a subset of the class s_2. We
also write (THERE-EXISTS s) to say that the class s is non-empty and we write
(DETERMINED s) to say that there is at most one element of the class s.
Finally, we write (INTERSECTS s t) to say that the class s has a non-empty
intersection with the class t.


Definition: A class expression is either

• a variable,

• a constant symbol,

• a monadic predicate symbol,

• a k-ary function symbol applied to k class expressions,

• a k-ary predicate symbol applied to k - 1 class expressions,

• a such-that expression of the form (s x S.T. Φ(x)) where s is
a class expression, x is a variable, and Φ(x) is a taxonomic
formula,

• or the distinguished class expression A-Thing.

A taxonomic formula is either

• an is-formula, (IS s_1 s_2), where s_1 and s_2 are class
expressions,

• an existence-formula, (THERE-EXISTS s), where s is a class
expression,

• a determined-formula, (DETERMINED s), where s is a class
expression,

• an intersection-formula (INTERSECTS s t) where s and t are
class expressions,

• or a Boolean combination of taxonomic formulas.

Formulas of the first four kinds will be called atomic formulas. A
literal is either an atomic formula or the negation of an atomic
formula. A formula or class expression is quantifier-free if it does
not contain any such-that class expressions.


Given a model of first order logic and an interpretation of every variable
as an element of the first order domain, each class expression in taxonomic
syntax can be unambiguously interpreted as a subset of the first order domain
and each formula of taxonomic syntax can be assigned an unambiguous truth
value. For example, the formula (IS x A-Person) is true just in case the
value of the variable x is an element of the set denoted by the class
expression A-Person. The formula (IS y A-Child-of(x)) is true just in case the
pair <x, y> is contained in the relation denoted by A-Child-of. The formula
(IS z A-Child-of(A-Child-of(x))) is true just in case there exists some member
y of the class A-Child-of(x) such that z is a member of the class
A-Child-of(y). The formula (IS x Times(2 A-Number)) is true just in case x can
be written as the product of 2 and some number, i.e., just in case x is an
even number. The such-that class expression
(A-Person x S.T. (THERE-EXISTS A-Child-of(x))) denotes the set of all people
who have children.

Our definition of taxonomic formulas does not include classical
quantification. All quantification is done with such-that class expressions.
For example, the formula (THERE-EXISTS (A-Person x S.T. Φ(x))) is true just in
case there exists some element x of the class Person such that Φ(x) is true.
Universal quantification can be defined in terms of existential quantification
and negation. Alternatively, one can express universal quantification directly
with taxonomic atomic formulas. For example,
(IS A-Person (A-Person x S.T. Φ(x))) is true if and only if Φ(x) is true for
every member x of the set denoted by A-Person. The special class expression
A-Thing ensures that one can quantify over the entire first order domain. For
example, the classical formula ∃x Φ(x) is equivalent to the taxonomic formula
(THERE-EXISTS (A-Thing x S.T. Φ'(x))) where Φ'(x) is the taxonomic translation
of Φ(x).


3  Satisfiability of Quantifier-Free Taxonomic Literals


Every literal in classical first order logic with equality is semantically
equivalent to some quantifier-free taxonomic literal. More specifically, note
that classical terms are a subset of taxonomic class expressions -- any class
expression constructed purely from constants and function symbols is
syntactically a term of classical first order logic. For classical terms the
IS relation is semantically identical to equality, so any equation between
classical terms is equivalent to a quantifier-free atomic formula of taxonomic
syntax. However, most non-trivial quantifier-free taxonomic literals are not
equivalent to any classical literal. For example, let P be a monadic predicate
symbol and let f be a monadic function symbol. The pair of literals
(IS P f(P)) and (NOT (IS f(P) P)) is satisfiable. For example, P can be
interpreted as the non-negative integers and f as the function that subtracts
one from its argument. In this case f(P) denotes the set containing the
non-negative integers plus negative one. One can show, however, that this pair
of literals cannot be satisfied by any finite first order structure. Every
satisfiable set of literals in classical first order logic with equality can
be satisfied by some finite structure.

Since quantifier-free taxonomic literals are more expressive than classical
literals, it is not immediately clear whether or not one can efficiently
determine the satisfiability of a set of quantifier-free taxonomic literals.


Taxonomic Quantifier-Free Decidability Theorem: The satisfiability of a
set of quantifier-free taxonomic literals is polynomial time decidable.


There is a well known corresponding theorem for classical first order logic;
the satisfiability of a set of literals in first order logic with equality is
polynomial time decidable. The classical decision procedure is based on the
congruence closure algorithm [Kozen, 1977], [Downey et al., 1980], [Nelson
and Oppen, 1980]. Unfortunately, the taxonomic decision procedure is
significantly more complex than the classical procedure based on congruence
closure. To appreciate the complexity of the taxonomic satisfiability problem,
consider the literals (IS f(P) a), (IS f(Q) b) and (NOT (IS a b)) where P
and Q are monadic predicates, f is a monadic function and a and b are
constant symbols. These literals imply that the classes P and Q must be
disjoint: if c, say, was in both P and Q, then f(c) must equal both a and
b, contradicting the third literal. Now suppose we add the literals (IS c P),
(IS g(c) Q), (IS g^6(P) P) and (IS g^7(Q) Q) where c is a constant symbol, g
is a monadic function symbol, and g^n(s) abbreviates g(g(... g(s))) with n
applications of g. All of these literals taken together are unsatisfiable. To
see this it suffices to observe that, under any interpretation, g^36(c) must
be a member of both P and Q.

Any set of quantifier-free taxonomic literals can be efficiently translated
into an equisatisfiable set of quantifier-free literals that does not contain
existence, determined, or intersection-formulas. More specifically, both
positive and negative literals involving existence, determined, and
intersection-formulas can be replaced by literals involving is-formulas and
new constant and function symbols. For example, the literal
(NOT (INTERSECTS P Q)) can be translated into (IS f(P) a), (IS f(Q) b) and
(NOT (IS a b)). Thus, without loss of generality, one can assume that every
literal involves an is-formula. It turns out that this apparent
simplification, i.e., the elimination of existence, determined, and
intersection-formulas, is not a simplification at all. Our decision procedure
relies on existence, determined, and intersection formulas. The decision
procedure is based on the rules of inference listed in figure 1.

If Σ is a set of taxonomic literals the notation Σ ⊢ Ψ abbreviates the
statement that there exists a derivation of Ψ from Σ using the above rules
of inference. The notation Σ ⊢ F abbreviates the statement that there
exists some formula Ψ such that Σ ⊢ Ψ and Σ ⊢ (NOT Ψ). It is not
clear that one can quickly determine whether or not Σ ⊢ Ψ, or whether
Σ ⊢ F. However, one can readily construct a decision procedure for a
seemingly more restricted inference relation. More specifically, the notation
Σ ⊩ Ψ abbreviates the statement that Ψ can be derived from Σ using the
above rules such that every class expression appearing in the derivation of
Ψ also appears as a subexpression of some formula in Σ. The notation Σ ⊩ F
abbreviates the statement that there exists a formula Ψ such that Σ ⊩ Ψ and
Σ ⊩ (NOT Ψ). Section 4 gives a cubic procedure for determining if Σ ⊩ F.
Section 5 contains a proof that if Σ is a set of quantifier-free taxonomic
literals, and Σ ⊮ F, then Σ is satisfiable. This implies that Σ ⊩ F if and
only if Σ ⊢ F and thus the restricted relation is not really any weaker than
the unrestricted relation.

(1)   (THERE-EXISTS A-Thing)

(2)   (IS s A-Thing)

(3)   (IS s_1 t_1), ... (IS s_n t_n)
      --------------------------------
      (IS R(s_1,...s_n) R(t_1,...t_n))

(4)   (IS r s), (IS s t)
      ------------------
      (IS r t)

(5)   (IS t t)

(6)   (THERE-EXISTS c)

(7)   (DETERMINED c)

(8)   (THERE-EXISTS s_1), ... (THERE-EXISTS s_n)
      ------------------------------------------
      (THERE-EXISTS f(s_1,...s_n))

(9)   (DETERMINED s_1), ... (DETERMINED s_n)
      --------------------------------------
      (DETERMINED f(s_1,...s_n))

(10)  (NOT (DETERMINED t))
      --------------------
      (THERE-EXISTS t)

(11)  (THERE-EXISTS R(s_1,...s_n))
      ----------------------------
      (THERE-EXISTS s_i)

(12)  (THERE-EXISTS r), (IS r t)
      --------------------------
      (THERE-EXISTS t)

(13)  (DETERMINED t), (IS r t)
      ------------------------
      (DETERMINED r)

(14)  (NOT (IS r t))
      ----------------
      (THERE-EXISTS r)

(15)  (THERE-EXISTS r), (IS r s), (IS r t)
      ------------------------------------
      (INTERSECTS s t)

(16)  (INTERSECTS r t), (IS r s)
      --------------------------
      (INTERSECTS s t)

(17)  (INTERSECTS r_1 s_1), ... (INTERSECTS r_n s_n)
      ----------------------------------------------
      (INTERSECTS f(r_1,...r_n) f(s_1,...s_n))

(18)  (INTERSECTS r s)
      ----------------
      (INTERSECTS s r)

(19)  (INTERSECTS r s)
      ----------------
      (THERE-EXISTS s)

(20)  (INTERSECTS s t), (DETERMINED s)
      --------------------------------
      (IS s t)

Figure 1: The inference rules for quantifier-free literals. In these rules the
letters s, r, and t range over class expressions, c ranges over constant
symbols, f ranges over function symbols, and R ranges over both function and
predicate symbols.

4  A Satisfiability Decision Procedure


Let Σ be a set of quantifier-free taxonomic literals and let T be the set of
class expressions containing all class expressions that appear as
subexpressions of members of Σ, plus the distinguished class expression
A-Thing. The set T of class expressions can be viewed as a semantic network
where the elements of T are viewed as nodes representing classes. The decision
procedure for determining whether Σ ⊩ F can be viewed as a label-propagation
process on this network. More specifically, it is possible to show that if Ψ
is a formula not in Σ, but Σ ⊩ Ψ, then Ψ must be a label formula for T as
defined below.

Definition: A label formula for a set T of class expressions is
a formula of the form (THERE-EXISTS s), (DETERMINED s), (IS s t), or
(INTERSECTS s t) where s and t are members of T.

Since some of the label formulas involve two members of T, it is perhaps
better to view them as arcs between nodes rather than labels on nodes. It
is possible to determine whether or not Σ ⊩ F by propagating labels on
the network T. More specifically, one continues to derive new label formulas
until no more such derivations can be made. If T contains n nodes then there
are O(n^2) label formulas. Thus the process of deriving new formulas must
terminate. If this propagation process yields some label formula Ψ such that
Σ contains (NOT Ψ), then Σ ⊩ F, otherwise Σ ⊮ F.

To analyze the running time of the label propagation procedure it is
necessary to specify the procedure in greater detail. In presenting the
details of our decision procedure we assume that all class expressions that
are applications of a relation or function symbol involve at most two
arguments. Expressions involving more than two arguments can be reformulated
in terms of expressions that involve only two arguments and thus there is no
loss of generality in restricting applications to two arguments. More
specifically, if there is a function f of more than two arguments then one
simply introduces a new function symbol g and uniformly replaces every class
expression of the form f(s_1, s_2...s_n) with f(s_1, g(s_2...s_n)). If the new
function g takes more than two arguments the process can be repeated. In the
worst case this transformation process leads to a linear increase in the
length of expressions.

Our procedure runs on a graph-like data structure where each node represents
an expression in T. This graph-like data structure can be viewed as a directed
acyclic graph (DAG) representation of the class expressions in T. Each node in
this graph is a data structure containing various kinds of information. The
data structure representing a class expression s contains fields that are
updated whenever a formula of the form (THERE-EXISTS s) or (DETERMINED s) is
derived. The data structure representing s also contains a list of all the
nodes t such that the formula (IS s t) has been derived, as well as a list of
all nodes w such that (IS w s) has been derived, and a list of all nodes u
such that (INTERSECTS s u) has been derived. Each time a new label formula is
added the procedure must check to see if this addition can be propagated to
yield further additional label formulas. There is a propagation procedure for
each kind of label formula. For example there is a propagation procedure that
is called when a new formula of the form (IS s t) is derived and a different
procedure that is called when a new formula of the form (THERE-EXISTS s) is
derived.

Each inference rule is implemented by pieces of propagation procedures.
Since there is no way of knowing which antecedent will be derived last, each
antecedent of a given rule corresponds to a piece of one of the propagation
procedures. For example, consider the third rule of the previous section, the
monotonicity rule. For applications involving two arguments, the rule says
that if one can derive (IS s t) and (IS u w), then one can derive
(IS R(s,u) R(t,w)). Each of the two antecedents of this rule corresponds to
a piece of the procedure for propagating new is-formulas. Consider the first
antecedent, (IS s t). When a new formula (IS s t) is derived a certain piece
of the procedure for propagating is-formulas finds all expressions in T of the
form R(s,u). Expressions of the form R(s,u) are stored on a list in the data
structure representing s. For each previously derived formula of the form
(IS u w), a hash table lookup is used to see if the expression R(t,w) is in
T. If so, the formula (IS R(s,u) R(t,w)) is derived and, provided that this
formula has not been previously derived, the is-formula propagation procedure
is called recursively on the new formula. Since there is no way of knowing
which antecedent of the rule will be derived last, there is also a piece of
the procedure for propagating is-formulas that corresponds to the second
antecedent. When a new is-formula (IS u w) is derived, this piece finds all
expressions in T of the form R(s,u) and then for each previously derived
formula (IS s t) looks for the expression R(t,w) in a hash table. This may
lead to the recursive addition of another is-formula. Each of the other rules
can also be implemented with pieces of propagation procedures; one piece for
each antecedent of the rule. Rule 12, for example, can be implemented as
a piece of the procedure for propagating existence formulas and a piece of the
procedure for propagating is-formulas. Rule 17 is analogous to the
monotonicity rule and is implemented by pieces of the procedure for
propagating intersection-formulas. The propagation procedures are recursive
and no queue of outstanding inferences is required.

The total running time of the propagation process is equal to the sum over
all rules of the time spent executing the pieces of the propagation procedures
that correspond to that rule. For example, consider the monotonicity rule as
discussed above. Assuming that hash table lookups take constant time, the
time spent executing the monotonicity pieces of the is-formula propagation
procedure is bounded by some constant times the total number of hash table
lookups performed by these pieces. It is possible to show that for each term
R(s,u) in T, and each pair of derived is-formulas of the form (IS s t) and
(IS u w), there is exactly one hash table lookup performed by the monotonicity
pieces of the is-formula propagation procedure; at the point where both
is-formulas are derived the expression R(t,w) will be looked up in the hash
table. For a fixed expression R(s,u) in T, the propagation process can derive
at most n^2 pairs of is-formulas of the form (IS s t) and (IS u w). Therefore,
there are at most n^3 hash table lookups performed in the monotonicity pieces
of the is-formula propagation procedure.

Assuming that no application expression has more than two arguments,
each rule can be implemented so that at most O(n^3) time is spent in the
pieces of the propagation procedures that correspond to that rule (where n
is the number of class expressions in T). Thus, if applications involve at
most two arguments, the total time spent in the propagation process is at
most O(n^3).
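
The label propagation of this section, run on the example literals of
Section 3, as an added example (not the authors' code). It is a naive
fixpoint saturation over the rules of Figure 1, not the cubic incremental
procedure; the tuple encoding of class expressions, the names refutes, step
and power, and the explicit constants/functions arguments are assumptions of
this example.

```python
from collections import defaultdict

THING = "A-Thing"

def subexprs(e):
    """Yield e and its subexpressions; an application is a tuple (symbol, arg, ...)."""
    yield e
    if isinstance(e, tuple):
        for arg in e[1:]:
            yield from subexprs(arg)

def step(facts, apps, functions):
    """Apply rules 3, 4, 8, 9, 11-13 and 15-20 of Figure 1 once to the current labels."""
    ex = {f[1] for f in facts if f[0] == "THERE-EXISTS"}
    det = {f[1] for f in facts if f[0] == "DETERMINED"}
    up, meets = defaultdict(set), defaultdict(set)   # up[r] = {t : (IS r t) derived}
    for f in facts:
        if f[0] == "IS":
            up[f[1]].add(f[2])
        elif f[0] == "INTERSECTS":
            meets[f[1]].add(f[2])
    new = set()
    for r in list(up):
        for s in list(up[r]):
            if r in ex:
                new.add(("THERE-EXISTS", s))                        # rule 12
                new |= {("INTERSECTS", s, t) for t in up[r]}        # rule 15
            if s in det:
                new.add(("DETERMINED", r))                          # rule 13
            new |= {("IS", r, t) for t in up[s]}                    # rule 4
            new |= {("INTERSECTS", s, t) for t in meets[r]}         # rule 16
    for r in list(meets):
        for s in meets[r]:
            new |= {("INTERSECTS", s, r), ("THERE-EXISTS", s)}      # rules 18, 19
            if r in det:
                new.add(("IS", r, s))                               # rule 20
    for p in apps:
        args = p[1:]
        if p in ex:
            new |= {("THERE-EXISTS", a) for a in args}              # rule 11
        if p[0] in functions:
            if all(a in ex for a in args):
                new.add(("THERE-EXISTS", p))                        # rule 8
            if all(a in det for a in args):
                new.add(("DETERMINED", p))                          # rule 9
        for q in apps:                       # only expressions already in T are used
            if q[0] == p[0] and len(q) == len(p):
                pairs = list(zip(args, q[1:]))
                if all(t in up[s] for s, t in pairs):
                    new.add(("IS", p, q))                           # rule 3
                if p[0] in functions and all(t in meets[s] for s, t in pairs):
                    new.add(("INTERSECTS", p, q))                   # rule 17
    return new

def refutes(literals, constants=(), functions=()):
    """True iff saturation over T derives some atom whose negation is in the input."""
    pos = {l for l in literals if l[0] != "NOT"}
    neg = {l[1] for l in literals if l[0] == "NOT"}
    T = {THING}
    for atom in pos | neg:
        for e in atom[1:]:
            T.update(subexprs(e))
    facts = set(pos) | {("THERE-EXISTS", THING)}                    # rule 1
    for s in T:
        facts |= {("IS", s, THING), ("IS", s, s)}                   # rules 2, 5
        if s in constants:
            facts |= {("THERE-EXISTS", s), ("DETERMINED", s)}       # rules 6, 7
    facts |= {("THERE-EXISTS", a[1]) for a in neg
              if a[0] in ("IS", "DETERMINED")}                      # rules 14, 10
    apps = [e for e in T if isinstance(e, tuple)]
    while True:
        new = step(facts, apps, functions) - facts
        if not new:                          # O(n^2) label formulas, so this is reached
            return bool(facts & neg)
        facts |= new

def power(sym, n, s):
    """Build sym^n(s), i.e. n nested applications of a monadic symbol."""
    for _ in range(n):
        s = (sym, s)
    return s

# The literals of the Section 3 example, in the tuple encoding assumed here.
BASE = [("IS", ("f", "P"), "a"), ("IS", ("f", "Q"), "b"), ("NOT", ("IS", "a", "b"))]
EXTRA = [("IS", "c", "P"), ("IS", ("g", "c"), "Q"),
         ("IS", power("g", 6, "P"), "P"), ("IS", power("g", 7, "Q"), "Q")]
# The pair that is satisfiable only in infinite structures.
INFINITE = [("IS", "P", ("f", "P")), ("NOT", ("IS", ("f", "P"), "P"))]

if __name__ == "__main__":
    print(refutes(BASE, {"a", "b"}, {"f"}))                    # satisfiable
    print(refutes(BASE + EXTRA, {"a", "b", "c"}, {"f", "g"}))  # unsatisfiable
    print(refutes(INFINITE, functions={"f"}))                  # satisfiable
```

The contradiction in the second case is reached through intersection labels
between the expressions g^i(P) and g^j(Q) already present in T, so no
expression outside T is ever constructed.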

5  Correctness of the Decision Procedure


Suppose that Σ is a set of quantifier-free taxonomic literals. This section
summarizes a proof that if Σ ⊮ F then Σ is satisfiable and thus the procedure
of the previous section can determine the satisfiability of Σ.² The proof is
based on a method for constructing a model of Σ from the set of label formulas
Ψ such that Σ ⊩ Ψ. As pointed out earlier, it is possible that Σ is
satisfiable and yet there are no finite models of Σ. Thus, the method of
constructing a model of Σ must be capable of yielding infinite models.
However, the structure of the model is somehow completely characterized by the
finite set of label formulas Ψ such that Σ ⊩ Ψ.

Let T be the set of class expressions containing all class expressions
appearing as subexpressions of formulas in Σ plus the distinguished class
symbol A-Thing. The domain elements in any interpretation of Σ can be
classified into types depending on their relationships with the class
expressions in T. More specifically, if d is a domain element of a model of Σ,
then the T-type of d is defined to be the set of class expressions s in T such
that d is contained in the set denoted by s. If we view the class expressions
in T as predicates, then the T-type of d is the set of class expressions that
are true of d. More generally, a T-type is defined to be any subset of the
class expressions in T. If there are n class expressions in T, then there are
2^n different T-types. We say that a T-type τ is inhabited in a particular
model of Σ if there exists some domain element d of that model whose T-type is
τ. Of course, there can be models in which many of the T-types are not
inhabited.

²We have found two different proofs of this result: one presented in this
section and another proof based on a syntactic proof that ⊩ is the same as ⊢
plus a semantic proof that ⊢ is complete for the detection of
unsatisfiability. The syntactic proof that ⊩ is the same as ⊢ is somewhat
complex but similar to the proof given in section 7. The proof that ⊢ is
semantically complete for detecting the unsatisfiability of quantifier-free
taxonomic literals is considerably simpler than the direct semantic proof for
⊩ given here.

The model we construct will have the property that existence formulas
and intersection formulas that are not derivable by label propagation will be
false in the model. This condition places constraints on the T-types that
can be inhabited in our model. The types consistent with these constraints
are said to be Σ-inhabitable. More specifically, a Σ-inhabitable T-type is a
T-type τ such that


• τ contains the type A-Thing,

• Σ ⊩ (THERE-EXISTS s) for every s in τ,

• if s is in τ and Σ ⊩ (IS s w) then w is in τ,

• and for all s and w in τ, Σ ⊩ (INTERSECTS s w).

Note that the singleton type {A-Thing} is always Σ-inhabitable. If s is a
class expression such that Σ ⊩ (THERE-EXISTS s), then s* is defined to be
the T-type consisting of all class expressions w such that Σ ⊩ (IS s w).
Inference rule 5 guarantees that s* contains s and inference rules 2, 12, 4,
and 15 guarantee that s* satisfies the four requirements respectively in the
definition of a Σ-inhabitable T-type and thus s* is always Σ-inhabitable. If
s is a class expression (possibly outside of T) such that
Σ ⊮ (THERE-EXISTS s) then s* is defined to be the singleton type {A-Thing}.

A class expression s in $\Upsilon$ will be called $\Sigma$-atomic if
$\Sigma \vdash$ (THERE-EXISTS s) and $\Sigma \vdash$ (DETERMINED s). Note that if s is a
$\Sigma$-atomic class expression then the type $s^*$ contains s. Furthermore, one can
show that if s is $\Sigma$-atomic then $s^*$ is the only $\Sigma$-inhabitable
$\Upsilon$-type that contains s. More specifically, consider a $\Sigma$-inhabitable type
$\tau$ that contains s. The definition of $\Sigma$-inhabitability ensures that $s^*$ is a
subset of $\tau$. To show that $\tau$ is a subset of $s^*$, consider a class expression
t in $\tau$. The definition of $\Sigma$-inhabitable ensures that
$\Sigma \vdash$ (INTERSECTS s t). But inference rule 20 then ensures that
$\Sigma \vdash$ (IS s t) and thus t is an element of $s^*$. Thus any $\Sigma$-atomic class
expression in $\Upsilon$ is contained in exactly one $\Sigma$-inhabitable $\Upsilon$-type.
An $\Upsilon$-type $\tau$ will be called $\Sigma$-atomic if it is of the form $s^*$ for some
$\Sigma$-atomic class expression s. Note that a $\Sigma$-inhabitable type $\tau$ is
$\Sigma$-atomic if and only if $\tau$ contains a class expression s such that
$\Sigma \vdash$ (DETERMINED s), in which case $\tau$ equals $s^*$.

It is tempting to define the semantic domain of the desired model of
$\Sigma$ to be the set of $\Sigma$-inhabitable types. Unfortunately, this does not allow
for infinite domains and $\Sigma$ may not have finite models. The need for infinite
domains arises from the need to include “predecessors”. If the type $\tau$ contains
a class expression of the form f(s) where f is a function symbol, then any
domain element d that inhabits the type $\tau$ must be a member of the class
denoted by f(s) and thus there must be some predecessor domain element
d' in the class denoted by s such that f(d') equals d. If $\Sigma \vdash$ (IS s f(s)) then
the need to include a predecessor for each element of s may force an infinite
domain.

An infinite domain can be constructed by taking the domain elements to
be pairs of the form $\langle \tau, \alpha \rangle$ where $\tau$ is a $\Sigma$-inhabitable
$\Upsilon$-type and $\alpha$ is an expression that specifies the role played by the domain
element. More specifically, the domain D is defined inductively as follows. Every
$\Sigma$-inhabitable type must have at least one inhabitant in the model. Thus, for every
$\Sigma$-inhabitable type $\tau$, D contains the pair $\langle \tau, 0 \rangle$. If $\tau$ is
$\Sigma$-inhabitable but not $\Sigma$-atomic then we require that D contain at least two
inhabitants of $\tau$; we specify that D contains the pair $\langle \tau, 1 \rangle$ as well
as the pair $\langle \tau, 0 \rangle$. Finally, if D contains the pair
$\langle \tau, \alpha \rangle$, and $\tau$ contains a class expression of the form
$f(s_1, \ldots, s_n)$, where some $s_i$ is not $\Sigma$-atomic, then D contains the
“predecessor” pair
$\langle s_j^*, f(s_1, \ldots, s_n) \mapsto \langle \tau, \alpha \rangle \rangle$ where
$s_j$ is the first class expression among $s_1, \ldots, s_n$ such that $s_j$ is not
$\Sigma$-atomic.

There are several things worth noting about the semantic domain D.
First, note that if $\tau$ is a $\Sigma$-atomic type then the definition of D directly
guarantees that $\langle \tau, 0 \rangle$ is the only pair in D whose first component is
the type $\tau$. Second, note that all elements of D are either of the form
$\langle \tau, 0 \rangle$, $\langle \tau, 1 \rangle$ or
$\langle s_j^*, f(s_1, \ldots, s_n) \mapsto \langle \tau, \alpha \rangle \rangle$ where
$f(s_1, \ldots, s_n)$ is a member of the type $\tau$. Finally, note that D can be
infinite. More specifically, if s is a class expression in $\Upsilon$ such that
$\Sigma \vdash$ (THERE-EXISTS s), but s is not $\Sigma$-atomic, and
$\Sigma \vdash$ (IS s f(s)) for some function symbol f, then for each pair
$\langle s^*, \alpha \rangle$ in the semantic domain D, the domain D will contain a
“predecessor” pair $\langle s^*, f(s) \mapsto \langle s^*, \alpha \rangle \rangle$.

To complete the specification of the model of $\Sigma$ we must give the
interpretation of the constant, function, and predicate symbols. A constant
c is interpreted to be the pair $\langle c^*, 0 \rangle$. A monadic predicate symbol P is
interpreted to be the set of all pairs $\langle \tau, \alpha \rangle$ where the type $\tau$
contains the symbol P. A k-ary predicate symbol R is interpreted as the set of tuples
$\langle \langle s_1^*, 0 \rangle, \ldots, \langle s_{k-1}^*, 0 \rangle, \langle \tau, \alpha \rangle \rangle$
such that $\tau$ contains the class expression $R(s_1, \ldots, s_{k-1})$. Finally,
consider applying the function denoted by the symbol f to the arguments
$\langle \langle \tau_1, \alpha_1 \rangle, \ldots, \langle \tau_k, \alpha_k \rangle \rangle$.
We will say that a particular argument $\langle \tau_i, \alpha_i \rangle$ determines f on
the arguments
$\langle \langle \tau_1, \alpha_1 \rangle, \ldots, \langle \tau_k, \alpha_k \rangle \rangle$
if $\langle \tau_i, \alpha_i \rangle$ is of the form
$\langle s_i^*, f(s_1, \ldots, s_n) \mapsto \langle \sigma, \beta \rangle \rangle$ where for
each $s_j$, the type $s_j^*$ equals the type $\tau_j$. The definition of D implies that if
$\langle \tau_i, \alpha_i \rangle$ determines f on
$\langle \langle \tau_1, \alpha_1 \rangle, \ldots, \langle \tau_k, \alpha_k \rangle \rangle$
then $\tau_i$, which is equal to $s_i^*$, must be the first type in the sequence
$\tau_1, \ldots, \tau_n$ that is not $\Sigma$-atomic. This implies that there can be at
most one argument $\langle \tau_i, \alpha_i \rangle$ that determines f on the tuple
$\langle \langle \tau_1, \alpha_1 \rangle, \ldots, \langle \tau_k, \alpha_k \rangle \rangle$.
If such an argument exists, we define the value of f on this tuple of arguments to be
the pair $\langle \sigma, \beta \rangle$ given by the distinguished argument. If there does
not exist such an argument, then the value of f on these pairs equals
$\langle \sigma, 0 \rangle$ where $\sigma$ is the union of all types of the form
$f(s_1, \ldots, s_k)^*$ where each $s_j$ is a member of the type $\tau_j$. The rules of
obviousness for intersection-formulas ensure that $\sigma$ is a $\Sigma$-inhabitable
$\Upsilon$-type.

Given the rules of inference listed in section 3 it is possible to prove that
under this semantic interpretation the $\Upsilon$-type of a pair
$\langle \tau, \alpha \rangle$ is, in fact, the type $\tau$. This is equivalent to the
statement that for any class expression s in $\Upsilon$, the set denoted by s under this
interpretation contains a pair $\langle \tau, \alpha \rangle$ if and only if $\tau$
contains s. This latter statement can be proven by structural induction on the class
expression s. Consider a constant symbol c in $\Upsilon$. First we show that if
$\langle \tau, \alpha \rangle$ is in the class denoted by c then c is a member of $\tau$.
The constant c denotes the singleton class containing the pair $\langle c^*, 0 \rangle$.
Inference rule 6 guarantees that $\Sigma \vdash$ (THERE-EXISTS c) and therefore
$c^*$ contains c. Next we suppose that c is a member of a $\Sigma$-inhabitable type $\tau$
and show that any pair of the form $\langle \tau, \alpha \rangle$ is contained in the
class denoted by c. Inference rules 6 and 7 guarantee that c is $\Sigma$-atomic and
therefore $c^*$ is the only $\Sigma$-inhabitable type that contains c. Thus $\tau$ must be
$c^*$. Furthermore, the type $c^*$ is $\Sigma$-atomic and therefore the only domain
element whose first component is $c^*$ is the pair $\langle c^*, 0 \rangle$. Now consider
a monadic class expression P in $\Upsilon$. The class denoted by P is the set of pairs
$\langle \tau, \alpha \rangle$ such that $\tau$ contains P so the result follows by
definition. Applications of relations and functions are somewhat more complex. For
application class expressions the result is proven using properties provided by the
inference rules together with the assumption that the statement holds on the
subexpressions of the application in question. Most of the cases are not given
here, but one particular case is worth noting. Suppose that $f(s_1, \ldots, s_n)$ is
a member of the type $\sigma$. In this case we must show that all pairs of the
form $\langle \sigma, \alpha \rangle$ are members of the class denoted by
$f(s_1, \ldots, s_n)$. There are two subcases. First, suppose that each class
expression $s_i$ is $\Sigma$-atomic. Since each $s_i$ is $\Sigma$-atomic, inference rules
8 and 9 guarantee that $f(s_1, \ldots, s_n)$ is also $\Sigma$-atomic. Since
$f(s_1, \ldots, s_n)$ is both $\Sigma$-atomic and a member of the type $\sigma$,
$\sigma$ must be the type $f(s_1, \ldots, s_n)^*$ and $\alpha$ must be 0. To show that
$\langle \sigma, \alpha \rangle$ is a member of the class denoted by
$f(s_1, \ldots, s_n)$ it now suffices to show that the class denoted by
$f(s_1, \ldots, s_n)$ contains the pair $\langle f(s_1, \ldots, s_n)^*, 0 \rangle$. Since
each $s_i$ is $\Sigma$-atomic, each expression $s_i$ denotes the class containing the
single pair $\langle s_i^*, 0 \rangle$. The semantic definition of f specifies that in
this case the value of the expression $f(s_1, \ldots, s_n)$ is the pair
$\langle \tau, 0 \rangle$ where $\tau$ is the union
of  all  types  of  the  form  where  is  a  member  of  s*  for  each  f,-. 

But the type $f(s_1, \ldots, s_n)^*$ is included in this union and thus $\tau$ contains
the class $f(s_1, \ldots, s_n)^*$. Since $f(s_1, \ldots, s_n)$ is $\Sigma$-atomic, this
implies that $\tau$ equals $f(s_1, \ldots, s_n)^*$ so the result holds. Returning to the
second subcase, suppose that $f(s_1, \ldots, s_n)$ is a member of $\sigma$ but that there
exists some $s_i$ that is not $\Sigma$-atomic. Let $s_j$ be the first such
non-$\Sigma$-atomic argument. The definition of D guarantees that D contains a pair
$\langle s_j^*, f(s_1, \ldots, s_n) \mapsto \langle \sigma, \alpha \rangle \rangle$.
Since $\sigma$ contains $f(s_1, \ldots, s_n)$,
$\Sigma \vdash$ (THERE-EXISTS $f(s_1, \ldots, s_n)$). Inference rule 11 guarantees that
$\Sigma \vdash$ (THERE-EXISTS $s_i$) for each $s_i$. Therefore $s_i^*$ contains $s_i$ for
each type $s_i^*$. By the induction hypothesis, the pairs $\langle s_1^*, 0 \rangle$,
$\ldots$,
$\langle s_j^*, f(s_1, \ldots, s_n) \mapsto \langle \sigma, \alpha \rangle \rangle$,
$\ldots$, $\langle s_n^*, 0 \rangle$ are members of the classes denoted by
$s_1, \ldots, s_n$ respectively. But the semantic interpretation of the function f
guarantees that f applied to these arguments yields the pair
$\langle \sigma, \alpha \rangle$ and thus the pair $\langle \sigma, \alpha \rangle$ is a
member of the class denoted by $f(s_1, \ldots, s_n)$.

Given that the $\Upsilon$-type of $\langle \tau, \alpha \rangle$ is the type $\tau$, i.e.,
that $\langle \tau, \alpha \rangle$ is a member of the class denoted by s if and only if
s is a member of $\tau$, the definition of a $\Sigma$-inhabitable $\Upsilon$-type implies
several “default properties” of the semantic interpretation. More specifically, for
any class expression s in $\Upsilon$, if $\Sigma \nvdash$ (THERE-EXISTS s) then s denotes
the empty set. Similarly, for any two class expressions s and t in $\Upsilon$, if
$\Sigma \nvdash$ (INTERSECTS s t) then the sets denoted by s and t are disjoint. Finally,
if s is a class expression such that $\Sigma \vdash$ (THERE-EXISTS s), then if
$\Sigma \nvdash$ (DETERMINED s) then s denotes a set with more than one element, and if
t is in $\Upsilon$ and $\Sigma \nvdash$ (IS s t) then the set denoted by s is not a subset
of the set denoted by t. These default properties, together with inference rules 10
and 14, ensure that this semantic interpretation is a model of $\Sigma$.


6 Extended Rules of Obviousness


To  compare  taxonomic  and  classical  syntax  more  directly,  we  define  two 
high-level  proof  systems:  one  based  on  classical  syntax  and  one  based  on 
taxonomic  syntax.  The  system  based  on  taxonomic  syntax  is  constructed 
from  a  modification  of  the  decision  procedure  discussed  in  section  4.  Section  8 
defines  the  high-level  proof  system  based  on  taxonomic  syntax.  Given  the 
specification  for  the  taxonomic  high-level  proof  system,  the  adaptation  of 
that  system  to  classical  syntax  is  presented  in  section  10. 

The first step in defining the high-level proof system is to define a technical
notion of an obviously true statement. The obviously true statements
are defined by certain rules of obviousness. Each rule of obviousness states
that if certain antecedent facts are obvious then a certain conclusion is also
obvious. The rules of obviousness contain many, but not all, of the inference
rules needed for a complete inference system for first order taxonomic formulas.
The rules of obviousness include all of the rules of section 3 together
with certain additional rules specified in this section. These additional rules
involve a set of variables $\mathcal{F}$ called the focus set. We write
$\Sigma, \mathcal{F} \vdash_o \Psi$ if there exists a derivation of $\Psi$ from the
formulas in $\Sigma$ using the extended rules of obviousness with focus set
$\mathcal{F}$. The notation $\Sigma, \mathcal{F} \vdash_o \Psi$ is analogous to the
notation $\Sigma \vdash_o \Psi$ used above.

In taxonomic syntax there are no explicit quantifiers in formulas; all taxonomic
formulas are either atomic formulas or Boolean combinations of atomic
formulas. Since there are no quantified formulas, no rules of obviousness are
needed for quantified formulas. Class expressions, on the other hand, can
involve quantifiers. Figure 2 gives rules of obviousness for such-that class
expressions. Intuitively, the rules of obviousness for such-that expressions only
allow the such-that quantifier to be instantiated with focus objects. The
restriction of the instantiation of quantifiers to focus objects makes it possible
to write a procedure for determining obviousness.

Rule 24 can be derived from rules 22 and 23. For example, suppose y
and z are focus objects such that one can derive (IS z y) and $\Phi(y)$. In this
case rule 22 allows one to derive (IS y (A-Thing x S.T. $\Phi(x)$)). By transitivity
one can derive (IS z (A-Thing x S.T. $\Phi(x)$)). Finally, by rule 23 one can derive
$\Phi(z)$. Thus, it would appear that rule 24 is unnecessary. However, rule 24
is needed in constructing a decision procedure for the extended rules. More
specifically, the decision procedure uses label propagation on a finite network.
Rule 24 allows certain inferences on the finite network that would otherwise
not be performed unless the network were extended to include additional
such-that class expressions.

$$(21)\quad \frac{}{(\mathrm{IS}\ (s\ x\ \mathrm{S.T.}\ \Phi(x))\ s)}$$

$$(22)\quad \frac{(\mathrm{IS}\ y\ s),\ \Phi(y)}{(\mathrm{IS}\ y\ (s\ x\ \mathrm{S.T.}\ \Phi(x)))}$$

$$(23)\quad \frac{(\mathrm{IS}\ y\ (s\ x\ \mathrm{S.T.}\ \Phi(x)))}{\Phi(y)}$$

$$(24)\quad \frac{(\mathrm{IS}\ z_1\ y_1) \ldots (\mathrm{IS}\ z_n\ y_n),\ \Phi(y_1 \ldots y_n)}{\Phi(z_1, \ldots z_n)}$$

Figure 2: The inference rule for such-that class expressions. The variables y,
$y_i$, and $z_i$ must be members of the focus set $\mathcal{F}$.⁴

4 We use the notation $\Phi(y_1, \ldots, y_n)$ as an abbreviation for
$\Phi[y_1/w_1, \ldots, y_n/w_n]$, i.e., the simultaneous substitution of $y_i$ for all
free occurrences of $w_i$ in the expression $\Phi$ with appropriate renaming of bound
variables. Note that in rule (24) both $y_i$ and $w_i$ may occur free in $\Phi$ and so
the expression $\Phi(z_1, \ldots, z_n)$ may include $y_i$ as a free variable.

In addition to the above rules for such-that expressions, the extended
rules of obviousness include rules for Boolean connectives. We assume that
all Boolean formulas are constructed using the connectives OR and NOT. The
rules of obviousness for Boolean formulas are listed in figure 3.

Inference rules 25 through 31 are not complete for Boolean inference. For
example, rules 25 through 31 cannot be used to deduce $\Psi$ from (OR $\Phi$ $\Psi$) and
(OR (NOT $\Phi$) $\Psi$). Intuitively, the rules do not allow for case analysis. The rules
are designed so that the inference relation generated by the rules is both
reasonably powerful and quickly decidable.

Note that rule 31 can be derived from rules 25 and 28. More specifically,
suppose that one can derive both $\Psi$ and (NOT $\Psi$). In this case, rule 25 allows
one to derive (OR $\Phi$ $\Psi$). Rule 28 then allows one to derive $\Phi$. Thus it would
appear that rule 31 is not needed. However, the decision procedure for the
inference relation is implemented as label propagation on a finite network.
Inference rule 31 allows for the derivation of labels that would not otherwise be
derivable unless the network were expanded to include certain disjunctions.
In practice, of course, the propagation process can be terminated whenever
a contradiction is discovered.

$$(25)\quad \frac{(\mathrm{OR}\ \Phi\ \Psi),\ (\mathrm{NOT}\ \Phi)}{\Psi} \qquad \frac{(\mathrm{OR}\ \Phi\ \Psi),\ (\mathrm{NOT}\ \Psi)}{\Phi}$$

$$(26)\quad \frac{(\mathrm{NOT}\ (\mathrm{OR}\ \Phi\ \Psi))}{(\mathrm{NOT}\ \Phi)} \qquad \frac{(\mathrm{NOT}\ (\mathrm{OR}\ \Phi\ \Psi))}{(\mathrm{NOT}\ \Psi)}$$

$$(27)\quad \frac{(\mathrm{NOT}\ \Phi),\ (\mathrm{NOT}\ \Psi)}{(\mathrm{NOT}\ (\mathrm{OR}\ \Phi\ \Psi))}$$

$$(28)\quad \frac{\Phi}{(\mathrm{OR}\ \Phi\ \Psi)} \qquad \frac{\Psi}{(\mathrm{OR}\ \Phi\ \Psi)}$$

$$(29)\quad \frac{(\mathrm{NOT}\ (\mathrm{NOT}\ \Phi))}{\Phi}$$

$$(30)\quad \frac{\Phi}{(\mathrm{NOT}\ (\mathrm{NOT}\ \Phi))}$$

$$(31)\quad \frac{\Psi,\ (\mathrm{NOT}\ \Psi)}{\Phi}$$

Figure 3: Rules of Obviousness for Boolean formulas.
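The following added example (not code from the paper) runs the Boolean rules 25 through 31 as naive label propagation over the finite network of subformulas and their negations, with the rule numbering taken as an assumption from the reading of Figure 3 given in the comments. The tuple encoding of formulas, the function names and the `extra` and `use_rule_31` switches are hypothetical, and the fixpoint loop does not aim at the cubic bound of the paper's procedure.

```python
from itertools import chain


def NOT(f):
    return ("NOT", f)


def OR(f, g):
    return ("OR", f, g)


def is_op(f, op):
    return isinstance(f, tuple) and f[0] == op


def subformulas(f):
    """Yield f and all of its subformulas; atoms are plain strings."""
    yield f
    if isinstance(f, tuple):
        for arg in f[1:]:
            yield from subformulas(arg)


def label_formulas(premises, goal, extra=()):
    """Nodes of the finite network: every subformula of the input (plus any
    extra expressions) together with the negation of each such member."""
    members = set()
    for f in chain(premises, [goal], extra):
        members.update(subformulas(f))
    return members | {NOT(f) for f in members}


def follows(f, derived, use_rule_31):
    """True if a single rule application yields label formula f."""
    for g in derived:
        if is_op(g, "OR"):
            a, b = g[1], g[2]
            # Rule 25: (OR a b), (NOT a) gives b; (OR a b), (NOT b) gives a.
            if (f == b and NOT(a) in derived) or (f == a and NOT(b) in derived):
                return True
        # Rule 26: (NOT (OR a b)) gives (NOT a) and (NOT b).
        if is_op(g, "NOT") and is_op(g[1], "OR"):
            if f in (NOT(g[1][1]), NOT(g[1][2])):
                return True
        # Rule 31: a derived contradiction gives every label formula.
        if use_rule_31 and NOT(g) in derived:
            return True
    # Rule 28: a or b gives (OR a b).
    if is_op(f, "OR") and (f[1] in derived or f[2] in derived):
        return True
    if is_op(f, "NOT"):
        inner = f[1]
        # Rule 27: (NOT a), (NOT b) gives (NOT (OR a b)).
        if is_op(inner, "OR") and NOT(inner[1]) in derived and NOT(inner[2]) in derived:
            return True
        # Rule 30: a gives (NOT (NOT a)).
        if is_op(inner, "NOT") and inner[1] in derived:
            return True
    # Rule 29: (NOT (NOT f)) gives f.
    return NOT(NOT(f)) in derived


def obvious(premises, goal, extra=(), use_rule_31=True):
    """Propagate labels to a fixpoint; only label formulas are ever derived."""
    labels = label_formulas(premises, goal, extra)
    derived = set(premises)
    while True:
        new = {f for f in labels - derived if follows(f, derived, use_rule_31)}
        if not new:
            return goal in derived
        derived |= new


if __name__ == "__main__":
    p, q = "p", "q"  # constructed atoms
    # No case analysis: q is not obvious from (OR p q) and (OR (NOT p) q).
    print(obvious([OR(p, q), OR(NOT(p), q)], q))
    # Without rule 31 the contradiction only reaches q once the network
    # is expanded to contain the disjunction (OR p q).
    print(obvious([p, NOT(p)], q, use_rule_31=False))
    print(obvious([p, NOT(p)], q, extra=[OR(p, q)], use_rule_31=False))
```

The last two calls show the trade described above: rule 31 gives on the small network what rules 28 and 25 would only give on a network that also contains the disjunction.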

Before giving a label-propagation decision procedure for these rules, some
additional terminology is needed. In the following definitions $\Sigma$ is taken to
be a fixed but arbitrary set of formulas, $\mathcal{F}$ is a fixed but arbitrary set of
variables (called focus objects), and $\Psi$ is a fixed but arbitrary formula.

Definition: An extended label formula for a set $\Upsilon$ of expressions
is either a formula that is a member of $\Upsilon$, the negation
of a formula that is a member of $\Upsilon$, or a formula of the form
(THERE-EXISTS s), (DETERMINED s), (IS s t), or (INTERSECTS s t) where
s and t are class expressions that are members of $\Upsilon$.

Definition: A set of expressions $\Upsilon$ (containing both class
expressions and formulas) is said to be closed over $\Sigma$, $\mathcal{F}$ and $\Psi$
if

• $\Upsilon$ contains A-Thing,

• $\Upsilon$ contains $\Psi$ plus every member of $\Sigma$ and $\mathcal{F}$,

• every subexpression of every member of $\Upsilon$ is also a member
of $\Upsilon$,

• and for every such-that class expression (s x S.T. $\Phi(x)$) in $\Upsilon$,
and every variable y in $\mathcal{F}$, the formula $\Phi(y)$ is also in $\Upsilon$.

Definition: For any set of expressions $\Upsilon$ we write
$\Sigma, \mathcal{F} \vdash_{\Upsilon} \Psi$ if there exists a derivation of $\Psi$ using
the extended rules of obviousness such that every formula in that derivation is an
extended label formula of $\Upsilon$.

Definition: We write $\Sigma, \mathcal{F} \vdash \Psi$ if
$\Sigma, \mathcal{F} \vdash_{\Upsilon} \Psi$ where $\Upsilon$ is the least set of
expressions closed over $\Sigma$, $\mathcal{F}$ and $\Psi$.

It is possible to show that, as long as $\Sigma$ and $\mathcal{F}$ are finite, the
least set of expressions closed over $\Sigma$, $\mathcal{F}$ and $\Psi$ is also finite.
More specifically, the number of expressions in the least set closed over $\Sigma$,
$\mathcal{F}$, and $\Psi$ is no larger than
$1 + |\mathcal{F}| + [\Gamma] + [\Gamma]|\mathcal{F}|^Q$ where $\Gamma$ is the set
$\Sigma \cup \{\Psi\}$, $[\Gamma]$ is the number of expressions that are either members
of $\Gamma$ or appear in members of $\Gamma$, $|\mathcal{F}|$ is the number of elements
of $\mathcal{F}$, and $Q$ is the maximum level of quantifier nesting that appears in
$\Gamma$. In practice the level of quantifier nesting remains small (three
or four) and the size of the least set closed over $\Sigma$, $\mathcal{F}$ and $\Psi$ is
usually much smaller than this worst-case bound. Note that if an upper bound is placed
on both the number of focus objects and the maximum level of quantifier
nesting, then the size of the least set closed over $\Sigma$, $\mathcal{F}$ and $\Psi$
remains linear in the size of $\Sigma \cup \{\Psi\}$.

For any finite set $\Upsilon$ one can determine whether or not
$\Sigma, \mathcal{F} \vdash_{\Upsilon} \Psi$ using a label propagation procedure on a
network representing the set $\Upsilon$. Unlike the network described in section 4, the
network used for the extended rules of inference contains nodes that represent
formulas as well as nodes that represent class expressions. A data structure that
represents a formula must be updated whenever that formula is derived using the rules
of obviousness, and updated in a different way whenever the negation of the formula is
derived. An analysis similar to that given in section 4 shows that the propagation
process can be implemented in a way that requires at most $O(n^3)$ time where
n is the number of expressions in $\Upsilon$, assuming that hash table lookups take
constant time. As discussed in section 4, there is no loss of generality in
assuming that applications involve at most two arguments.

We have not yet ruled out the possibility that the unbounded inference
relation $\vdash_o$ may be more powerful than the inference relation $\vdash$ defined by
the bounded label-propagation mechanism, i.e., it seems possible that
$\Sigma, \mathcal{F} \vdash_o \Psi$ and yet $\Sigma, \mathcal{F} \nvdash \Psi$. It turns
out, however, that the bounded relation is as powerful as the unbounded relation and
thus the decision procedure for the bounded relation is also a decision procedure for
the unbounded relation. The proof of this fact is presented in the following section.


7 Correctness of the Extended Decision Procedure


The claim that for finite $\Sigma$ and $\mathcal{F}$ one can determine whether or not
$\Sigma, \mathcal{F} \vdash_o \Psi$ rests on the claim that the relation $\vdash_o$ is the
same as the restricted relation $\vdash$. Since both of these relations are semantically
sound, and $\vdash$ is clearly a subrelation of $\vdash_o$, it would be sufficient to
show that $\vdash$ is semantically complete. Unfortunately, neither $\vdash$ nor
$\vdash_o$ are semantically complete — the semantic entailment relation for full
taxonomic syntax is undecidable. Since no purely semantic proof is possible, we give a
syntactic proof that $\vdash$ is the same as $\vdash_o$.

Suppose that $\Sigma, \mathcal{F} \nvdash \Psi$. By the definition of $\vdash$, this
implies that $\Sigma, \mathcal{F} \nvdash_{\Upsilon} \Psi$ where $\Upsilon$ is the least
set closed over $\Sigma$, $\mathcal{F}$ and $\Psi$. To prove that
$\Sigma, \mathcal{F} \nvdash_o \Psi$, it suffices to prove that
$\Sigma, \mathcal{F} \nvdash_{\Upsilon'} \Psi$ for any finite extension $\Upsilon'$ of
$\Upsilon$. This can be established by expanding $\Upsilon$ one expression at a time.

Definition: A one step $\mathcal{F}$-extension of a set $\Upsilon$ is an expression
$\alpha$ that is either

• a monadic predicate symbol,

• a constant symbol,

• a variable,

• an atomic formula that is a label formula of $\Upsilon$,

• the negation of a formula in $\Upsilon$,

• a disjunction of two formulas in $\Upsilon$,

• an application $R(s_1, \ldots, s_n)$ where R is either a relation or
function symbol and each $s_i$ is a class expression in $\Upsilon$,

• a such-that expression (s x S.T. $\Phi(x)$) where s, x, and $\Phi(x)$
are all members of $\Upsilon$ and for each y in $\mathcal{F}$, $\Phi(y)$ is a member
of $\Upsilon$.


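If $\Upsilon$ is closed over $\Sigma$, $\mathcal{F}$ and $\Psi$, and $\alpha$ is a one step
$\mathcal{F}$-extension of $\Upsilon$, then $\Upsilon \cup \{\alpha\}$ is also closed over
$\Sigma$, $\mathcal{F}$, and $\Psi$. Furthermore, as long as the focus set $\mathcal{F}$
is finite, the set $\Upsilon$ can be extended by a series of one step
$\mathcal{F}$-extensions to include any desired expression.⁵ Thus, it suffices to prove
that if $\Sigma, \mathcal{F} \nvdash_{\Upsilon} \Psi$ where $\Upsilon$ is closed over
$\Sigma$, $\mathcal{F}$, and $\Psi$, and $\alpha$ is any one step $\mathcal{F}$-extension
of $\Upsilon$, then $\Sigma, \mathcal{F} \nvdash_{\Upsilon \cup \{\alpha\}} \Psi$.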

Now consider an arbitrary set $\Upsilon$ that is closed over $\Sigma$, $\mathcal{F}$, and
$\Psi$ such that $\Sigma, \mathcal{F} \nvdash_{\Upsilon} \Psi$, let $\alpha$ be a one step
$\mathcal{F}$-extension of $\Upsilon$, and let $\Upsilon'$ be the set
$\Upsilon \cup \{\alpha\}$. We must prove that
$\Sigma, \mathcal{F} \nvdash_{\Upsilon'} \Psi$. For the purposes of this proof we
define a new label formula to be an extended label formula of $\Upsilon'$ that is not
an extended label formula of $\Upsilon$. The label formulas of $\Upsilon$ will be called
old label formulas. We say that an old label formula $\Theta$ was already derivable if
$\Sigma, \mathcal{F} \vdash_{\Upsilon} \Theta$. We say that an extended label formula
$\Theta$ of $\Upsilon'$, either new or old, is newly derived if $\Theta$ was not already
derivable and $\Sigma, \mathcal{F} \vdash_{\Upsilon'} \Theta$. Since $\Upsilon$ is
closed over $\Sigma$, $\mathcal{F}$, and $\Psi$ the formula $\Psi$ must be a member of
$\Upsilon$ and thus $\Psi$ is an old label formula. To show that
$\Sigma, \mathcal{F} \nvdash_{\Upsilon'} \Psi$ it suffices to prove that no
old label formula is newly derived, or equivalently, that every newly derived
formula is a new label formula.

5 Although we are only interested in the case where $\mathcal{F}$ is finite, the
relations $\vdash_o$ and $\vdash$ are well defined for infinite focus sets. One can prove
that even for infinite focus sets these two relations are the same. If $\mathcal{F}$ is
infinite, one must consider transfinite sequences of one step $\mathcal{F}$-extensions.

In proving that every newly derived formula is a new label formula we can
assume that $\alpha$ is not a member of $\Upsilon$ and that we cannot derive a
contradiction by label propagation on $\Upsilon$, i.e., there is no $\Phi$ such that both
$\Phi$ and (NOT $\Phi$) were already derived (if a contradiction is already derivable
then all old label formulas are also already derivable). Consider the kinds of
expression that $\alpha$ might be. If $\alpha$ is a monadic predicate symbol then an
examination of the inference rules shows that the only newly derived formula is
(IS $\alpha$ $\alpha$). If $\alpha$ is a constant symbol or a variable then a similar
examination of the inference rules shows that the only newly derived formulas are
(IS $\alpha$ $\alpha$), (THERE-EXISTS $\alpha$), (DETERMINED $\alpha$), and
(INTERSECTS $\alpha$ $\alpha$). The other cases are more complex.

Suppose $\alpha$ is an atomic formula that is a label formula of $\Upsilon$. In this case
the formula (NOT $\alpha$) becomes a new label formula. In fact, it is the only new
label formula. None of rules 1 through 22 can derive a non-atomic formula
and thus none of these rules can be used to derive (NOT $\alpha$). To see that rule
23 cannot derive (NOT $\alpha$) note that since $\Upsilon$ is closed over $\Sigma$,
$\mathcal{F}$, and $\Psi$, for any such-that class expression (s x S.T. $\Phi(x)$) in
$\Upsilon$ and any y in $\mathcal{F}$ the formula $\Phi(y)$ must be in $\Upsilon$ and thus
$\Phi(y)$ cannot be the new label formula (NOT $\alpha$). Skipping over rule 24 for the
moment, we note that rules 25, 26 and 29 fail to derive (NOT $\alpha$) because
(NOT $\alpha$) is not contained in any Boolean label formulas. Rules 27, 28, and 30
cannot derive negations. Finally, rule 31 does not apply because, by assumption, no
contradiction can be derived by label propagation on $\Upsilon$. Thus, the only way of
deriving (NOT $\alpha$) is with inference rule 24. In this case $\alpha$ must be of the
form $\Phi(y)$ where y is a member of $\mathcal{F}$ and there must exist some z in
$\mathcal{F}$ such that (IS y z) and (NOT $\Phi(z)$) were already derivable. We must show
that if (NOT $\alpha$) is derived with inference rule 24 then no old label formulas can
be newly derived. A syntactic analysis of the rules, using the observation that
$\alpha$ does not appear as a proper subformula of any formulas in $\Upsilon'$, shows that
the only inference rules that can use (NOT $\alpha$) as a premise are inference rules
10, 14, 24 and 31. The only way inference rule 31 could apply is if the formula
$\Phi(y)$ was already derivable. In this case inference rule 21 ensures that $\Phi(z)$
was already derivable. But this violates the assumption that no contradiction was
already derivable. If some instance of rule 10 or 14 can be used to derive an old label
formula $\Theta(y)$ from the premise (NOT $\Phi(y)$), then the formula $\Theta(z)$ must
already have been derivable by the same rule. In this case the formula $\Theta(y)$ must
already have been derivable from $\Theta(z)$ by inference rule 24.

The cases where $\alpha$ is either the negation of a member of $\Upsilon$ or the
disjunction of two members of $\Upsilon$ are similar to the case where $\alpha$ is an
atomic label formula and will not be discussed in detail here. It remains only to
consider the two cases where $\alpha$ is a class expression other than a constant or
monadic predicate symbol. Suppose that $\alpha$ is an application $R(s_1, \ldots, s_n)$
where each class expression $s_i$ is a member of $\Upsilon$. In this case the new label
formulas are all atomic formulas involving the class $\alpha$. We wish to show that all
of the newly derived formulas are new label formulas. To show this we show that
the inference rules maintain the following invariants:


• Every newly derived formula is a new label formula.

• If (IS $\alpha$ t) is newly derived where t is in $\Upsilon$, then either (IS A-Thing t)
was already derived, or there exists a class expression $R(w_1, \ldots, w_n)$ in
$\Upsilon$ such that (IS $s_i$ $w_i$) was already derived for each $w_i$ and the formula
(IS $R(w_1, \ldots, w_n)$ t) was also already derived.

• If (IS t $\alpha$) is newly derived where t is in $\Upsilon$, then either:

1. $\Upsilon$ contains a class expression $R(w_1, \ldots, w_n)$ such that
(IS $w_i$ $s_i$) was already derived for each $w_i$ and (IS t $R(w_1, \ldots, w_n)$) was
also already derived, or

2. there exists a class expression t' in $\Upsilon$ such that (DETERMINED t') and
(IS t t') were already derived, and (INTERSECTS t' $\alpha$) will be newly
derived.

• If (THERE-EXISTS $\alpha$) or (INTERSECTS $\alpha$ $\alpha$) is newly derived, then
either R is a function symbol and (THERE-EXISTS $s_i$) was already derived for
each $s_i$, or there exist some members t and $R(w_1, \ldots, w_n)$ of $\Upsilon$ such
that (THERE-EXISTS t) and (IS t $R(w_1, \ldots, w_n)$) were already derived, and
(IS $R(w_1, \ldots, w_n)$ $\alpha$) will be newly derived.

• If (DETERMINED $\alpha$) is newly derived, then either R is a function symbol
and (DETERMINED $s_i$) was already derived for each $s_i$, or there exists
some member t of $\Upsilon$ such that (IS $\alpha$ t) will be newly derived and
(DETERMINED t) was already derived.

• If (INTERSECTS $\alpha$ t) or (INTERSECTS t $\alpha$) is newly derived, where t is in
$\Upsilon$, then either (IS A-Thing t) was already derived and (THERE-EXISTS $\alpha$)
will be derived, or there exists a class expression $R(w_1, \ldots, w_n)$ in $\Upsilon$
such that either:

1. R is a function symbol, and the formulas (INTERSECTS $w_1$ $s_1$), $\ldots$,
(INTERSECTS $w_n$ $s_n$), and (IS $R(w_1, \ldots, w_n)$ t) were already derived, or

2. formulas (IS $w_1$ $s_1$), $\ldots$, (IS $w_n$ $s_n$), and
(INTERSECTS $R(w_1, \ldots, w_n)$ t) were already derived.


Since all new label formulas are atomic formulas not contained in any
Boolean formulas in $\Upsilon$, none of the Boolean rules apply (i.e., none of them
can fire as long as no old label formulas are newly derived). The definition of
closure over $\Sigma$, $\mathcal{F}$, and $\Psi$ ensures that rules 21, 22, and 23 do not
apply. Thus we need only check these invariants for inference rules 24 and 1 through 20.
We will spare the reader the laborious case analysis necessary to verify that
these rules maintain the above invariants.

Now suppose that a is a such-that class expression (s x S.T. Φ(x)). This
case is similar to the case where a is an application; we show that the
inference rules preserve a certain set of invariants. To state the invariants
that are preserved in this particular case we first define an a-witness to be
an element y of the focus set ℱ such that Σ, ℱ ⊢ (IS y s) and Σ, ℱ ⊢ Φ(y). For
any a-witness y inference rule 20 guarantees that the formula (IS y a) will be
newly derived. Given the notion of an a-witness, the invariants maintained
by the inference rules can be concisely stated as follows:


•  Every  newly  derived  formula  is  a  new  label  formula. 

• If (IS a t) is newly derived and t is in T then (IS s t) was already
derived.

• If (IS t a) is newly derived and t is in T then there exists an a-witness
y such that (IS t y) was already derived.

• If (THERE-EXISTS a) or (INTERSECTS a a) is newly derived then there exists
an a-witness.

• If (DETERMINED a) is newly derived then (DETERMINED s) was already
derived.

• If (INTERSECTS t a) or (INTERSECTS a t) is newly derived and t is a member
of T then there exists an a-witness y such that (IS y t) was already
derived.

As  in  the  previous  case,  all  of  the  new  label  formulas  are  atomic  formulas 
that  do  not  appear  in  any  Boolean  expressions  that  are  members  of  T.  This 
implies  that  none  of  the  Boolean  rules  apply.  We  again  spare  the  reader  the 
laborious  case  analysis  necessary  to  verify  that  rules  1  through  24  preserve 
the  above  invariants. 

This completes our presentation of the proof that ⊢ is the same as ⊢_o.
This result can be summarized in the statement that the restricted relation
⊢ is syntactically complete relative to the unrestricted relation ⊢_o. The proof
involves a fairly long case analysis, most of which has not been explicitly given
here. This is unfortunate because many of the inference rules and definitions
presented in this paper are motivated by the desire that ⊢ be syntactically
complete relative to ⊢_o. The long case analysis required to prove the syntactic
completeness of ⊢ obscures the role played by particular inference rules and
definitions. In spite of considerable effort, we have not been able to find a
more concise proof of the equivalence of ⊢ and ⊢_o.


8  A  High-Level  Proof  System 


A high-level proof is a series of lines where each line contains a “sequent” of
the form Σ ⊢ Φ where Σ is a set of formulas and Φ is either a formula or the
special token F.⁶ The lines of a high-level proof are divided into two kinds:
syntactically derived lines and unjustified lines.

⁶ A more “user-friendly” syntax for high-level proofs is given in [McAllester, 1989].

A syntactically derived line is a line that can be derived from previous lines
using one of the following five high-level proof rules. Each high-level proof
rule is a form of universal generalization.⁷ The need to include rules of
universal generalization in the high-level proof system will be discussed
further in the presentation of the high-level completeness proof (section 9).
In the following rules x and each x_i must be a variable that does not appear
free in any formula in Σ or in any of the class expressions s, t or s_i. In the
last rule z must be a variable but there are no restrictions on where z can
appear, e.g. z may appear free in Σ or any s_i.

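    Σ ⊢ (NOT (IS x s))
    --------------------------
    Σ ⊢ (NOT (THERE-EXISTS s))


    Σ ∪ {(IS x_1 s), (IS x_2 s)} ⊢ (IS x_1 x_2)
    -------------------------------------------
    Σ ⊢ (DETERMINED s)


    Σ ∪ {(IS x s), (IS x t)} ⊢ F
    ----------------------------
    Σ ⊢ (NOT (INTERSECTS s t))


    Σ ∪ {(IS x s)} ⊢ (IS x t)
    -------------------------
    Σ ⊢ (IS s t)


    Σ ∪ {(IS x_1 s_1), ..., (IS x_n s_n)} ⊢ (NOT (IS z R(x_1, ..., x_n)))
    ---------------------------------------------------------------------
    Σ ⊢ (NOT (IS z R(s_1, ..., s_n)))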


A line of a high-level proof that is not derived from previous lines using
one of the high-level generalization rules is called an unjustified line.

⁷ In a user-friendly version of the high-level proof system, each high-level
rule of universal generalization appears in its contrapositive form; rather
than derive a universal statement from a statement about an arbitrary
individual, the user-friendly high-level system allows one to introduce
witnesses based on existential statements.

Each unjustified line in a high-level proof must be explicitly associated with
a set of variables called the focus set of that line. Consider an unjustified
line Σ ⊢ Φ with associated focus set ℱ. Intuitively, each unjustified line must
obviously follow from previous lines in the proof. Let Σ' be Σ plus all formulas
previously proven to follow from Σ, i.e., all formulas Φ such that the proof
contains an earlier line of the form Γ ⊢ Φ where Γ is a subset of Σ. An
unjustified line Σ ⊢ Φ with associated focus set ℱ must follow from previous
lines. More specifically, if Φ is the constant F, then we must have Σ', ℱ ⊢_o F.
If Φ is some formula other than F, then we must have Σ' ∪ {(NOT Φ)}, ℱ ⊢_o F.

It is important to be able to quickly determine if a series of high-level
proof lines is acceptable, i.e. that each unjustified line satisfies the
condition specified above. The cost of determining the acceptability of a given
unjustified line is quite sensitive to the size of the focus set ℱ associated
with that line. The high-level completeness theorem given in the following
section shows that if a formula Φ semantically follows from a set of formulas
Σ then there exists a high-level derivation of the sequent Σ ⊢ Φ such that
each unjustified line involves at most one focus object. However, proofs can
be made much shorter by allowing unjustified lines to be associated with
more than one focus object. Thus there is a trade-off between proof length
and the time required to machine verify the proof: short proofs, in which
unjustified lines have many focus objects, take longer to machine verify than
longer proofs in which unjustified lines are associated with fewer focus
objects. In the proof of the Stone representation theorem from the axioms of set
theory, described in [McAllester, 1989], unjustified lines involved up to ten
focus objects. It is possible to show that the size of the network generated
in determining if Γ, ℱ ⊢_o F is, in the worst case, O([Γ]|ℱ|^Q) where [Γ] is
the number of expressions that are either members of Γ or appear in some
member of Γ, |ℱ| is the number of elements of ℱ, and Q is the maximum
level of quantifier-nesting that appears in any formula in Γ. In practice the
maximum level of quantifier nesting remains small and, as a rule of thumb,
the size of the network appears proportional to [Γ]|ℱ|^3.


9 High-Level Completeness


Throughout this section we only consider high-level proofs in which
unjustified lines have at most one focus object. It turns out that this
restricted high-level proof system is semantically complete for first order
taxonomic formulas. More specifically, if a formula Φ semantically follows from
a set of formulas Σ, then there exists a high-level proof that ends with the
line Σ ⊢ Φ and in which every unjustified line has at most one focus object. To
prove this result one can first observe that there exists a high-level
derivation of Σ ⊢ Φ if and only if there exists a high-level derivation of
Σ ∪ {(NOT Φ)} ⊢ F. To prove this it suffices to observe that, given a high-level
derivation of Σ ⊢ Φ, the line Σ ∪ {(NOT Φ)} ⊢ F can be immediately added as an
unjustified line with an empty focus set. Similarly, given a derivation of
Σ ∪ {(NOT Φ)} ⊢ F, the line Σ ⊢ Φ can be acceptably added without justification.
To prove the high-level system is complete, we assume that there is no
derivation of Σ ⊢ Φ and we show that in this case there exists a model of Σ in
which Φ is false. If there is no derivation of Σ ⊢ Φ then there must not be any
high-level derivation of Σ ∪ {(NOT Φ)} ⊢ F. To prove that there exists a model
of Σ in which Φ is false, it now suffices to show that, for any set of formulas
Γ, if there is no derivation of Γ ⊢ F, then there exists some model of Γ.

Suppose that there is no derivation of Γ ⊢ F. One can construct a
model of Γ using techniques analogous to those used in standard proofs of
first order completeness. For simplicity we assume that the set of constant,
function and predicate symbols in the language is countable and that there
is a countably infinite set of variables. In this case one can enumerate all
taxonomic formulas in an infinite sequence Θ_1, Θ_2, Θ_3, ...⁸ Given that there
is no derivation of Γ ⊢ F, one can then construct an infinite sequence of sets
of formulas Ω_1, Ω_2, ... by setting Ω_1 equal to Γ and defining Ω_{j+1} as
follows:


1. If there exists a derivation of Ω_j ⊢ (NOT Θ_j) then set Ω_{j+1} equal to Ω_j.

2. If there is no derivation of Ω_j ⊢ (NOT Θ_j), and Θ_j is a formula of the
form (THERE-EXISTS s), then let x be some variable that does not appear
in s or Ω_j, and set Ω_{j+1} to be Ω_j ∪ {Θ_j, (IS x s)}.

3. If there is no derivation of Ω_j ⊢ (NOT Θ_j), and Θ_j is a formula of the
form (NOT (DETERMINED s)), then let x and y be variables that are not free
in s or Ω_j and set Ω_{j+1} to be Ω_j ∪ {Θ_j, (IS x s), (IS y s), (NOT (IS x y))}.

4. If there is no derivation of Ω_j ⊢ (NOT Θ_j), and Θ_j is a formula of the
form (INTERSECTS s t), then let x be some variable that does not appear
free in s, t or Ω_j and set Ω_{j+1} to be Ω_j ∪ {Θ_j, (IS x s), (IS x t)}.

5. If there is no derivation of Ω_j ⊢ (NOT Θ_j), and Θ_j is a formula of
the form (NOT (IS s t)) where s is not a variable, then let x be some
variable that does not appear free in s, t or Ω_j and set Ω_{j+1} to be
Ω_j ∪ {Θ_j, (IS x s), (NOT (IS x t))}.

6. If there is no derivation of Ω_j ⊢ (NOT Θ_j) and Θ_j is a formula of the form
(IS x R(s_1, ..., s_n)) where x is a variable, then let y_1, ..., y_n be variables
that do not appear free in Ω_j or in any of the class expressions s_i, and
set Ω_{j+1} equal to Ω_j ∪ {Θ_j, (IS x R(y_1, ..., y_n)), (IS y_1 s_1), ..., (IS y_n s_n)}.

7. If none of the above conditions apply, then set Ω_{j+1} equal to Ω_j ∪ {Θ_j}.

⁸ The completeness proof can be modified to handle uncountable languages, in
which case one constructs a transfinite enumeration of formulas.


Given the high level proof rules introduced in the previous section, one
can show that each Ω_j is a finite set of formulas that contains Γ and that there
does not exist any derivation of Ω_j ⊢ F. Steps 2, 3, 4, and 5 ensure that, if Θ_j
is an existential statement that is a member of Ω_{j+1} then there are variables
that act as witnesses to Θ_j in Ω_{j+1}. For example, if Θ_j is (THERE-EXISTS s) and
Θ_j is a member of Ω_{j+1}, then there is some variable x such that Ω_{j+1} contains
the formula (IS x s). Steps 2, 3, 4, 5, and 6 in the above specification directly
correspond to the five high-level generalization rules presented in section 8.
For each of these steps, the proof of the consistency of the newly constructed
set Ω_{j+1} relies on the existence of the corresponding high-level
generalization rule. Thus, the generalization rules in the high-level proof
system are needed because they indirectly allow the introduction of witnesses
for existential statements. In a user-friendly high-level proof system the
high-level generalization rules can either be used directly or used in the
contrapositive form where they allow the introduction of new witnesses to
previously proven existential statements.

Now let Ω be the union of all sets Ω_j. It is possible to show that Ω is both
consistent and complete. More specifically, for any formula Ψ exactly one
of the two formulas Ψ and (NOT Ψ) is contained in Ω. Furthermore, one can
show that the set of formulas Ω is closed under all of the rules of obviousness
where the rules for such-that expressions are no longer restricted to focus
objects.

One can now define a first order structure whose domain consists of
equivalence classes of variables. More specifically, for any variable x we
define |x| to be the set of variables y such that the formula (IS x y) is a
member of Ω. The rules of obviousness for is-formulas ensure that these sets
form equivalence classes of variables. We take the domain of the first order
structure to be the collection of equivalence classes of the form |x|. It is
now possible to define an interpretation of the variables, constants,
functions, relations, and predicate symbols such that the semantic value of a
class expression s equals the set of classes |x| such that the formula (IS x s)
is a member of Ω and such that, for every formula Ψ, the semantic
interpretation makes Ψ true just in case Ψ is a member of Ω. This provides an
interpretation of Γ. Thus one can establish that if there is no derivation of
Γ ⊢ F then there exists a semantic interpretation of Γ, and similarly, if there
is no derivation of Σ ⊢ Φ, then there exists an interpretation of Σ in which Φ
is false.


10  Taxonomic  vs.  Classical  Syntax 


To compare taxonomic and classical syntax we consider a high-level proof
system analogous to the one defined in section 8 but based on classical rather
than taxonomic syntax. A high-level proof in the system based on classical
syntax is also a series of lines where each line is a “sequent” Σ ⊢ Φ. Like
the taxonomic system, the classical system is based on an obviousness
relation ⊢_o and the high-level proof system allows unjustified lines where each
unjustified line must be explicitly associated with a set of variables called
the focus set for that line. The conditions under which an unjustified line is
acceptable are identical in both the taxonomic and classical systems except
that the two systems are based on different obviousness relations. Although
the obviousness relations underlying the two systems are different, each of
the two obviousness relations is defined by a set of inference rules called rules
of obviousness.

In  the  classical  system  the  rules  of  obviousness  presented  in  section  3  are 
replaced  by  the  standard  rules  of  inference  for  equality:  reflexivity,  symmetry, 
transitivity,  and  rules  that  allow  the  substitution  of  equals  for  equals  in  terms 
and  atomic  formulas.  These  rules  of  inference  for  equality  are  complete  for 
classical literals: if the rules cannot derive a contradiction from a set of first
order  literals,  then  the  set  of  literals  is  satisfiable. 

The rules of obviousness that involve Boolean connectives are exactly the
same in both the taxonomic and classical systems. In the classical system,
we assume that the only quantifier is the classical universal quantifier ∀. The
three taxonomic rules of obviousness involving such-that class expressions are
replaced, in the classical system, by the following single rule of obviousness.
In the following rule y must be a variable in ℱ.

    ∀xΦ(x)
    ------
    Φ(y)

The five high-level taxonomic generalization rules are replaced, in the
classical system, by the following single high-level generalization rule. In the
following rule x must be a variable that does not appear free in Σ.

    Σ ⊢ Φ(x)
    ------------
    Σ ⊢ ∀xΦ(x)


Unlike taxonomic syntax, the classical rules of obviousness involving focus
objects make the relationship between focus objects and previously proven
lemmas explicit; the rules of obviousness allow any previously proven
universal lemma to be applied to any focus object. In the taxonomic system, a
formula of the form ∀xΦ(x) is represented by (IS A-Thing (A-Thing x S.T. Φ(x))).
If y is a focus object then the taxonomic rules of obviousness allow the
derivation of (IS y A-Thing) and given the above is-formula, one can derive
(IS y (A-Thing x S.T. Φ(x))). The rules of obviousness for such-that
expressions then allow the derivation of Φ(y). Thus, the above classical rule of
universal instantiation for focus objects is subsumed by the taxonomic rules
of obviousness. In fact, all of the methods of deriving new lines in the
classical high-level proof system are subsumed by methods of deriving new lines
in the taxonomic high-level proof system. This claim can be formalized by
giving a procedure for translating any proof in the classical high-level system
into a corresponding proof in the taxonomic system.

For any classical first order formula Φ, the taxonomic translation, T(Φ),
of the formula Φ is defined by structural induction on Φ. If Φ is an atomic
formula of the form R(s_1, ..., s_n) then T(Φ) is the atomic taxonomic
formula (IS s_n R(s_1, ..., s_{n-1})). T((OR Θ Ψ)) equals (OR T(Θ) T(Ψ)) and
T((NOT Ψ)) equals (NOT T(Ψ)). If Φ is a universal formula ∀xΨ(x), then T(Φ) is
the formula (IS A-Thing (A-Thing x S.T. T(Ψ(x)))). For any set Σ of classical
first order formulas, T(Σ) is the set of taxonomic formulas of the form T(Ψ) for
some Ψ in Σ. If P is a high-level proof in the classical high-level proof
system, then T(P) is the sequence of lines derived by translating each
unjustified line Σ ⊢ Φ in P to an unjustified line T(Σ) ⊢ T(Φ) leaving the
focus set of the line unchanged, and translating each universal generalization
line Σ ⊢ ∀xΦ(x) to an unjustified line of the form T(Σ) ∪ {(IS x A-Thing)} ⊢
(IS x (A-Thing x S.T. Φ(x))) with focus set {x} followed by the generalization
line T(Σ) ⊢ T(∀xΦ(x)).
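
The translation T and its extension to whole proofs, T(P), as an added Python example (not code from the paper). The AST classes, the tuple layout of proof lines and the Man/Mortal sample are constructed for illustration; writing R applied to no arguments as the bare symbol R, and translating the body inside the such-that expression of the inserted unjustified line, are assumptions.

```python
from dataclasses import dataclass
from typing import Tuple, Union

@dataclass(frozen=True)
class App:  # classical term f(t1, ..., tn) or atomic formula R(t1, ..., tn)
    sym: str
    args: Tuple["Term", ...] = ()

@dataclass(frozen=True)
class Or:
    left: "Formula"
    right: "Formula"

@dataclass(frozen=True)
class Not:
    body: "Formula"

@dataclass(frozen=True)
class Forall:
    var: str
    body: "Formula"

Term = Union[str, App]  # a bare string is a variable or constant
Formula = Union[App, Or, Not, Forall]

def class_expr(t: Term) -> str:
    if isinstance(t, str):
        return t
    if not t.args:
        return t.sym  # assumption: R applied to no arguments is written R
    return f"{t.sym}({', '.join(class_expr(a) for a in t.args)})"

def such_that(phi: Forall) -> str:  # assumption: the body is translated too
    return f"(A-Thing {phi.var} S.T. {translate(phi.body)})"

def translate(phi: Formula) -> str:
    """T(phi), by structural induction on phi."""
    if isinstance(phi, App):
        if not phi.args:
            raise ValueError("the atomic rule needs a last argument s_n")
        *init, last = phi.args
        return f"(IS {class_expr(last)} {class_expr(App(phi.sym, tuple(init)))})"
    if isinstance(phi, Or):
        return f"(OR {translate(phi.left)} {translate(phi.right)})"
    if isinstance(phi, Not):
        return f"(NOT {translate(phi.body)})"
    if isinstance(phi, Forall):
        return f"(IS A-Thing {such_that(phi)})"
    raise TypeError(f"not a classical formula: {phi!r}")

def translate_proof(proof):
    """T(P): each line is (kind, sigma, phi, focus); output lines have the same shape."""
    out = []
    for kind, sigma, phi, focus in proof:
        t_sigma = frozenset(translate(f) for f in sigma)
        if kind == "unjustified":  # translated, focus set unchanged
            out.append((kind, t_sigma, translate(phi), frozenset(focus)))
        elif kind == "generalization":  # unjustified line with focus {x}, then generalize
            out.append(("unjustified", t_sigma | {f"(IS {phi.var} A-Thing)"},
                        f"(IS {phi.var} {such_that(phi)})", frozenset({phi.var})))
            out.append((kind, t_sigma, translate(phi), frozenset()))
        else:
            raise ValueError(f"unknown line kind: {kind}")
    return out

# Constructed sample: instantiate "every Man is Mortal" at focus object y, then generalize.
def implies_mortal(v: str) -> Or:
    return Or(Not(App("Man", (v,))), App("Mortal", (v,)))

AXIOM = Forall("x", implies_mortal("x"))
SAMPLE_PROOF = [
    ("unjustified", {AXIOM}, implies_mortal("y"), {"y"}),
    ("generalization", {AXIOM}, Forall("y", implies_mortal("y")), set()),
]
```

Calling translate_proof(SAMPLE_PROOF) turns the two classical lines into three taxonomic ones: the single generalization line becomes an unjustified line with focus set {y} followed by a generalization line.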


Taxonomic Domination Theorem: The taxonomic proof system
dominates the classical proof system in the sense that for any
acceptable high-level proof P in the classical system, the proof
T(P) is acceptable in the taxonomic system.


Intuitively,  the  proof  rules  of  the  taxonomic  system  include  the  proof 
rules  of  the  classical  system  as  a  special  case.  This  is  not  a  surprising  result 
and  is  not  difficult  to  prove.  We  conjecture,  however,  that  the  converse  of 
this  theorem  does  not  hold,  i.e.,  the  taxonomic  high-level  proof  system  is  not 
subsumed by the classical high-level proof system.


Strict Domination Conjecture: For any (large) constant k
there exists a classical first order formula Φ and a taxonomic
proof P of T(Φ) such that the shortest proof of Φ in the classical
high-level proof system has length greater than k times the length
of P.


If  this  conjecture  is  true,  then  there  would  exist  a  first  order  statement  and 
a  taxonomic  proof  of  that  statement  such  that  the  shortest  classical  proof  is, 
say,  a  hundred  times  longer  than  the  taxonomic  proof. 


11 Conclusion


We  have  defined  a  taxonomic  syntax  for  first  order  predicate  calculus  and 
have  presented  several  technical  results  describing  computational  properties 
of  this  syntax.  Quantifier-free  taxonomic  literals  are  more  expressive  than 
literals  of  classical  first  order  logic  and  yet  there  exists  a  polynomial  time 
decision  procedure  for  determining  the  satisfiability  of  a  set  of  quantifier-free 
taxonomic  literals.  We  have  also  investigated  the  value  of  taxonomic  syntax 
in general theorem proving. We have defined high-level proof systems for
both  taxonomic  and  classical  systems  and  shown  that  the  taxonomic  system 
subsumes  the  classical  system.  Furthermore,  we  conjecture  that  the  reverse 
is  not  true,  i.e.,  that  there  exist  high-level  taxonomic  proofs  such  that  any 
classical high-level proof of the same result is much longer.